Hackers Focusing on Small & Medium-Sized Practices

During the past twelve months, the number of recorded ransomware attacks against healthcare organizations – particularly small- and medium-sized practices – has increased significantly. Security experts attribute the increase to healthcare organizations being more vulnerable during the COVID-19 pandemic.

However, large healthcare organizations, while certainly valuable targets for cybercriminals, are not the easiest targets, because of the considerable resources they invest in cybersecurity. Infiltrating the databases of larger organizations can prove complicated and time-consuming, whereas small- and medium-sized practices do not have the same amount of money to invest in cybersecurity while still holding significant amounts of sensitive data.

Along with lower investment in cybersecurity, smaller practices have in the past been guilty of neglecting staff HIPAA training because HHS' enforcement actions have focused on larger organizations. It may also be the case that small- and medium-sized practices do not consider themselves attractive targets for cybercriminals, and so let their guard down, making themselves an easier target.

Cyberattacks on Small- & Medium-Sized Healthcare Groups Increasing

A recently published report by the CTI League highlighted the main emerging threats in the healthcare sector. In the last quarter of 2020, experts observed a significant rise in cyberattacks on the healthcare industry. The report stated: “From October to December the CTI League observed a dramatic uptick in focused attacks against healthcare entities, particularly small and medium sized hospitals and clinics, which impacted clinical workflows at hundreds of healthcare providers.”

Ransomware response company Coveware also produced data (see graph below) showing that:

  • Nearly 70% of ransomware attacks targeted healthcare organizations with fewer than 1,000 employees.
  • During Q4 2020, 65.9% of these attacks targeted small (30.2%) and medium-sized (35.7%) practices.
  • While Ryuk and Sodinokibi ransomware attacks focused on large enterprises, the Dharma, Snitch, and Netwalker ransomware campaigns focused firmly on small- to medium-sized practices.

[Graph] Q4 2020 Ransomware Attacks. Source: Coveware

The access controls typically used by small- and medium-sized organizations – and how they are applied – are often not as robust as those used by larger groups, which makes it easier for cybercriminals to infiltrate networks and databases. These organizations are also less likely to have dependable backup systems or to conduct HIPAA training for staff that covers every possible attack vector.

Without dependable backups it is almost impossible to restore compromised systems and recover data without paying the ransom. Even when backups exist, they may not cover all of the necessary network connections and databases, and file recovery may never have been properly tested. It is also quite common for network segmentation to have been disregarded as a security tactic.

What Steps Can Small- & Medium-Sized Healthcare Groups Take to Stop Cyberattacks?

Identifying the correct cybersecurity measures to implement in order to stop cyberattacks from infiltrating your organization is not a straightforward task. It is often better to start with a range of small changes that enhance your security posture and build out from there. Here we have listed some measures you can implement to tackle phishing, RDP compromise, and a shortfall in HIPAA training:

  1. Phishing: Conduct employee awareness training to educate your workforce about cyber threats and how to identify them. Enforce strong passwords together with two-factor authentication on every username-password combination on your network.
  2. RDP compromise: Change the default port and set a maximum number of log-in attempts before automatic lock-out is triggered. This mitigates the threat from brute-force attacks. In addition, ensure staff responsible for network security undergo regular HIPAA training and refresher courses so that it remains at the forefront of their thinking when allocating time to specific projects.
  3. The Importance of HIPAA Training: As indicated in both of the points above, HIPAA training is the single most important security measure for small- to medium-sized practices to put in place. The most important part of any network and its security solution is its users. Even the strongest cybersecurity measures available will count for nothing if the technology is not used correctly by individuals who are fully aware of their obligations under HIPAA.
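As an added example (not part of the original article), the following PowerShell session applies the RDP hardening from point 2 on a single Windows host: it records the current listening port, moves RDP off the default port 3389, opens the new port in the host firewall, sets an account lock-out threshold, requires Network Level Authentication, and then summarises recent failed logons (Security Event ID 4625) per source address so repeated brute-force attempts are visible. The port value 3390 and the lock-out numbers are assumed; pick values that suit your environment, and run this from an elevated prompt.

```powershell
# Added example: harden RDP on one Windows host (run as Administrator).
# Assumed values: new port 3390, 5 failed attempts, 30-minute lock-out and window.
$NewRdpPort = 3390
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Record the port RDP currently listens on (3389 by default) before changing it.
$current = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $current"

# 2. Move RDP to the new port and allow that port through the host firewall.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewRdpPort -Type DWord
New-NetFirewallRule -DisplayName "RDP on TCP $NewRdpPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewRdpPort -Action Allow -Profile Domain,Private

# 3. Lock the account after repeated failed logons (local policy; on a domain, set the
#    same values in Group Policy so every host gets them).
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# 4. Require Network Level Authentication so credentials are checked before a full
#    session is built for the client.
Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1 -Type DWord

# 5. Verify the lock-out values and look for brute-force activity: count failed logons
#    (Event ID 4625) in the last 24 hours, grouped by the source IP address in the event.
net accounts
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the IpAddress field from the event XML rather than relying on its position.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# 6. The port change only takes effect once Remote Desktop Services restarts; this
#    disconnects any active RDP sessions, so schedule it accordingly.
Restart-Service TermService -Force
```

Reconnect using the new port (for example `mstsc /v:hostname:3390`) and keep the firewall rule for port 3389 closed once you have confirmed the new port works.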

Small- to medium-sized healthcare practices are a prime target for ransomware attacks because of the limited resources they tend to dedicate to cybersecurity measures. The first thing all groups should do to prevent phishing and RDP attacks from infiltrating their networks is to provide staff with HIPAA-compliant data security training.